In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.
References
Link | Resource |
---|---|
http://www.yuesec.com/img/cccccve/finecms_codeexec/finecmscodeexec_2017_07_06_submit.html | Exploit Mitigation Third Party Advisory |
http://www.yuesec.com/img/cccccve/finecms_codeexec/finecmscodeexec_2017_07_06_submit.html | Exploit Mitigation Third Party Advisory |
Configurations
History
21 Nov 2024, 03:06
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.yuesec.com/img/cccccve/finecms_codeexec/finecmscodeexec_2017_07_06_submit.html - Exploit, Mitigation, Third Party Advisory |
Information
Published : 2017-07-07 11:29
Updated : 2024-11-21 03:06
NVD link : CVE-2017-10968
Mitre link : CVE-2017-10968
CVE.ORG link : CVE-2017-10968
JSON object : View
Products Affected
finecms_project
- finecms
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')